Sunder. Windows rootkit designed to work with BYOVD exploits
224theHandler-BOF. Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
41skeleton-keyfob. A tool in Python used with the Yardstick One to perform replay and rolling code attacks, specifically on cars.
19Scoop-the-Pool-Template. Code template to perform the 'Scoop the Pool' technique to turn Windows kernel pool overflow bugs into read and write primitives
10Powershell-DLL-Injection. AMSI Bypass and DLL injection payload with Powershell with a C++ shellcode runner DLL
6word-vba-process-hollowing. Code to perform process hollowing in a Word macro
5x64-shellcode-encoder. Custom 64 bit shellcode encoder that evades detection and removes some common badchars (\x00\x0a\x0d\x20)
4thread-hijacking-in-csharp. Performs thread hijacking of a process thread to execute malicious code, then resumes where the thread left off
2linux-persistence-malware. Basic examples of library hijacking and function hooking in Linux
2x86-com-hijack-shellcode. 32 bit shellcode that performs COM hijacking with Chrome
1